[16107] in Kerberos-V5-bugs

[krbdev.mit.edu #8726] Directly dereference the pointer certname

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)Wed Sep 5 12:38:21 2018

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8726@krbdev.mit.edu>
Message-ID: <rt-8726-48799.3.12064527282338@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8726'":;
Date: Wed, 5 Sep 2018 12:38:05 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
"kinit -X X509_user_identity=, princname" also causes the null deref
if the KDC offers PKINIT.
There are some ancillary code hygiene issues here:
* On empty input, parse_fs_options() returns 0 without filling in
idopts->cert_filename and idopts->key_filename. This is papered over
by checks in pkinit_get_certs_fs(), which will return
KRB5KDC_ERR_PREAUTH_FAILED if either field isn't filled in.
* If the second strdup() in parse_fs_options() fails, it returns
ENOMEM but does leave an allocated value in idopts->cert_filename.
This could lead to a memory leak if a subsequent pkinit_identities
value is tried, but under most circumstances I think the allocated
value will be cleaned up during teardown.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs